<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
 <TITLE>libuser 0.52.2: Introduction</TITLE>
 <LINK HREF="libuser-2.html" REL=next>

 <LINK HREF="libuser.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="libuser-2.html">Next</A>
Previous
<A HREF="libuser.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="libuser.html#toc1">Introduction</A></H2>

<P>This section describes libuser: why it was written, and how it works.  How
the library is to be used will be described later.</P>

<H2><A NAME="ss1.1">1.1</A> <A HREF="libuser.html#toc1.1">Motivation</A>
</H2>

<P>When proper nsswitch functionality was introduced into glibc 2.0, it
became possible to supply third-party facilities which would allow the
standard C library (and by extension, all of a system's binaries) to pull
information about users, protocols, and services from a variety of sources
the glibc authors might not have anticipated.</P>

<P>The most common use for a new nsswitch module is supplementing the user
and group databases, extending the data sources accessed over a network
to a centrally-managed information store.  This, along with the ability to
authenticate users using networked servers (functionality provided by the
increasingly-ubiquitous Linux-PAM library) and an enterprise-class
networked filesystem, allows a properly-configured Linux workstation to
participate as a full-fledged client in a large-scale network.</P>

<P>The facilities provided by PAM allow a user to log in and change her
authentication tokens.  The nsswitch interface allows any user (even
unprivileged users like <B>nobody</B>) to look up information needed
to run applications.</P>

<P>However, there are certain functions supplied by traditional isolated
systems which such a networked workstation can't provide.  Users have no
method for modifying their non-essential information (<B>chfn</B> is broken),
and the system administrator who previously had total power over the user and
group databases must now perform all administration at the server using
tools which are designed for general modification of the information
store (hand-editing zone files for hesiod databases, <B>ldapmodify</B>,
<B>kadmin</B>) instead of the traditionally-used tools.</P>

<H2><A NAME="ss1.2">1.2</A> <A HREF="libuser.html#toc1.2">Alternative Solutions</A>
</H2>

<P>The software which comes closest to meeting these needs is
<B>pwdb</B>.  However, the pwdb library has a few design limitations
which make it unsuitable for this purpose.  Like the standard files-based
mechanisms, pwdb assumes that the superuser wields full power over the
databases it interfaces with.  The current version of pwdb provides no
facilities for managing groups(?).  The current version of pwdb can not be
extended easily by third parties due to its reliance on static linking.</P>

<H2><A NAME="ss1.3">1.3</A> <A HREF="libuser.html#toc1.3">The libuser Library</A>
</H2>

<P>The libuser library implements a fully-modular system for reading,
modifying, creating, and removing user and group accounts and account
information.  Modules which provide access to information stores can
request information from the accessing user in order to authenticate to
the information store.</P>

<HR>
<A HREF="libuser-2.html">Next</A>
Previous
<A HREF="libuser.html#toc1">Contents</A>
</BODY>
</HTML>
